From c5ae65889fc0dbaf12bbcabc93410245bbc11cc1 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 6 May 2013 08:49:20 +0200
Subject: ssl: Only send ECC-hello extension if ECC-cipher suites are
 advertised

---
 lib/ssl/src/ssl_cipher.erl | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'lib/ssl/src/ssl_cipher.erl')

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index accea63344..dc413d6dfc 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -278,6 +278,11 @@ srp_suites() ->
 %% TLS v1.1 suites
 suite_definition(?TLS_NULL_WITH_NULL_NULL) ->
     {null, null, null, null};
+%% RFC 5746 - Not a real cipher suite used to signal empty "renegotiation_info" extension
+%% to avoid handshake failure from old servers that do not ignore
+%% hello extension data as they should.
+suite_definition(?TLS_EMPTY_RENEGOTIATION_INFO_SCSV) ->
+    {null, null, null, null};
 %% suite_definition(?TLS_RSA_WITH_NULL_MD5) ->
 %%     {rsa, null, md5, default_prf};
 %% suite_definition(?TLS_RSA_WITH_NULL_SHA) ->
-- 
cgit v1.2.3